  1. #1


    VLANS

    I've never actually used a VLAN and we're running out of IP addresses and so thought it would be good to learn and implement them. I know the basics of them but have a question.

    I have a Unifi wireless system where I would like the guest access to be completely separate from the main network, with its own range and DHCP server. We can have a VLAN set up on our managed Draytek router that just goes straight out to the internet. This would feed into our main switch, where I would also tag this port. I would also need to set the guest SSID to the matching VLAN tag within the Unifi software.

    Would I need the rest of the switches in the building to be layer 3? Or would the fact I've tagged the traffic for the access points be OK?

  2. #2

    Doesn't have to be layer 3, but you need to have switches that support tagging (IEEE 802.1Q), like Netgear layer 2+, else the traffic can't get from switch to switch. How you do this depends on switch type / make and the type of VLAN you want to create.

  3. #3

    Oaktech's Avatar
    Everything you have said is correct, but you will also need to tag the VLAN to the ports the Unifi are connected to, to ensure they turn up at the access point.

  4. #4
    mrforgetful's Avatar
    Forget vLANs unless you have a need to implement them for security or network segmentation reasons.

    They add complication and overhead to all network traffic.

    Why not just change your subnet?

    We're on 255.255.224.0 which gives us 4000 IP addresses.

    There's no need to fiddle with tagging ports, making sure you've connected devices with static IPs into the correct port or anything like that.

  5. #5

    synaesthesia's Avatar
    No, they do not really add complication; the benefits of separating VLANs outweigh the overheads - especially if you need 4000 IPs.... If you want to worry about overhead, take a look at Wireshark and see how much crap all your printers spout over your network and tell me vlanning them off wouldn't be a huge benefit!

  6. #6
    themightymrp's Avatar
    Agreed, with a network of that size the broadcast traffic would be outrageous! VLANs are worth the extra bit of time to set up. It also future-proofs you for things like VoIP and video streaming if your school heads down these routes.

  7. #7
    mrforgetful's Avatar
    I don't use them silly, it was just an example of if more IPs is the only reason you're looking at them, then it's not the only solution.

  8. #8

    VLANs aren't just for security. They're very useful methods of splitting up network traffic to make the network as a whole more manageable. VLANs are definitely worth the small extra overhead on network switches and the extra configuration you'll need to implement them.

    The key though, is designing your VLAN structure sensibly.

    We have 25 VLANs on our network, mainly because we have over 100 Apple TVs, and the amount of Bonjour traffic they generate means we have to split the network into multiple small segments. If you've ever tried using more than about 10 Apple TVs on the same LAN, you'll know what I mean.

  9. #9

    localzuk's Avatar
    VLANs are useful for many reasons, but that's somewhat off topic here.

    To successfully use VLANs on a network you need layer 2 switches that support 802.1Q, and something to do inter-VLAN routing. This can either be a discrete router or a layer 3 switch which supports routing. I use an HP ProCurve 5406zl for the routing stuff here.

    The setup for the wifi would be, on the switch port the AP is plugged in, untagged for the admin VLAN (i.e. the VLAN which contains the IP address of the AP), and tagged for any VLANs which are used for specific wireless networks. Then in your wireless config, you assign the SSID to the VLAN number.

    The core or router would then have routing enabled, to allow traffic to traverse the network from the originating VLAN to any destination VLAN. Those rules can be as wide as "allow everything" (which you'd use for internal network VLANs) or "allow only access to this IP address on this port" which you'd use for guest wireless.
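
The two rule shapes described in this post ("allow everything" for internal VLANs, one IP address on one port for guest wireless), as an added example that is not part of the original thread: a first-match rule evaluator with default deny, plus a check that lists internal destinations a guest can still reach. All addresses, the pinned service, the internet-bound guest rule and the function names are constructed for illustration.

```python
import ipaddress

net = ipaddress.ip_network
# Constructed addressing for illustration; none of these values come from the thread.
MAIN, GUEST, ANY = net("10.0.0.0/19"), net("192.168.6.0/24"), net("0.0.0.0/0")
PINNED = ("10.0.0.10", 443)  # hypothetical internal service guests may reach

# Each rule: (source network, destination network, destination port or None for any, action)
GOOD = [
    (MAIN, ANY, None, "allow"),                            # internal VLAN: allow everything
    (GUEST, net(PINNED[0] + "/32"), PINNED[1], "allow"),   # guest: one IP on one port
    (GUEST, MAIN, None, "deny"),                           # guest: nothing else internal
    (GUEST, ANY, None, "allow"),                           # guest: straight out to the internet
]
# Same rules with the broad guest allow moved ahead of the internal deny.
MISORDERED = [GOOD[0], GOOD[3], GOOD[1], GOOD[2]]

def decide(rules, src, dst, dport):
    """First matching rule wins; traffic that matches no rule is denied."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, port, action in rules:
        if src in src_net and dst in dst_net and port in (None, dport):
            return action
    return "deny"

def guest_leaks(rules, guest_host="192.168.6.50"):
    """Return internal (ip, port) probes a guest can reach other than the pinned service."""
    probes = [PINNED, ("10.0.0.10", 22), ("10.0.5.20", 445), ("10.0.31.254", 80)]
    return [p for p in probes
            if p != PINNED and decide(rules, guest_host, p[0], p[1]) == "allow"]

if __name__ == "__main__":
    print("correct order leaks:", guest_leaks(GOOD))
    print("misordered leaks:  ", guest_leaks(MISORDERED))
```

Running the same probe list after every rule change catches an ordering mistake before guests do.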

  10. #10

    synaesthesia's Avatar
    It's also prudent to think ahead. If you need to make changes to your network anyway, you might as well set yourself up for the future, otherwise you'll just make more work for yourself. We needed to expand our IP allocation (gave ourselves 8000 - slight overkill but seemed to make sense), given the following assumptions:
    Every pupil has a device (smartphone) and the possibility of a 1:1. Not probably, but possible.
    Every staff member has a device (smartphone) and the possibility of a school provided device.
    Around 100 wirelessly connected devices on top of those.

    Possibility and probability are different things, and by working to what is possible, we are very well set for the future, whatever it brings. There was a learning curve getting vlans and subnets in place but very, very well worth it.

  11. #11

    Another example, I just created a 5 port switch within a 24 port switch for WAN using VLANS

  12. #12

    Thanks for all the replies.

    I'm a little confused at the moment. We have 15 Unifi access points. For these access points we can set up different SSIDs and tie them to different VLANs. If I tag the ports that these access points feed into, which VLAN do I use?

    As an example:

    We have a guest wifi and our main school wifi.

    If the guest wifi SSID was set to vlan10, what would we set the port on the switch to so the main school SSID still worked?

    Or can you set ports to more than one VLAN?
    Last edited by nathan; 10th July 2014 at 09:51 AM.

  13. #13

    localzuk's Avatar
    The "management VLAN" should be untagged. Then all the VLANs for the wireless SSIDs would be tagged.

  14. #14

    Oaktech's Avatar
    Originally posted by nathan:
    > Thanks for all the replies.
    >
    > I'm a little confused at the moment. We have 15 Unifi access points. For these access points we can set up different SSIDs and tie them to different VLANs. If I tag the ports that these access points feed into, which VLAN do I use?

    Each one that exists on the Unifi as an SSID. For example, we currently have 2 SSIDs: one is a guest with DHCP provided by the firewall on VLAN 6, the other is our main wireless on VLAN 1. The switch config tags VLAN 6 to each port with a Unifi hung off it. VLAN 1 is the default VLAN.
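
The port setup described in this post (VLAN 1 as the default, VLAN 6 tagged on every port with a Unifi on it), modelled as an added example that is not part of the original thread: a minimal 802.1Q ingress check showing which VLAN each frame lands in and which frames are dropped. The class and function names and the sample frames are constructed for illustration, and dropping tagged frames for VLANs not tagged on the port is an assumption of this model.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

class PortConfig:
    """Hypothetical model of a switch port: one untagged VLAN, a set of tagged VLANs."""
    def __init__(self, untagged, tagged=()):
        self.untagged = untagged
        self.tagged = frozenset(tagged)

def build_frame(payload, vlan=None):
    """Constructed test input: broadcast Ethernet II frame, optionally 802.1Q-tagged."""
    frame = b"\xff" * 6 + bytes.fromhex("020000000001")
    if vlan is not None:
        frame += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)  # PCP/DEI bits left at 0
    return frame + struct.pack("!H", 0x0800) + payload

def classify_ingress(frame, port):
    """Return the VLAN a received frame is placed in, or None if the port drops it."""
    if len(frame) < 14:
        return None  # shorter than an Ethernet header
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return port.untagged  # no tag: frame joins the port's untagged VLAN
    if len(frame) < 18:
        return None  # truncated tag
    (tci,) = struct.unpack_from("!H", frame, 14)
    vid = tci & 0x0FFF  # low 12 bits of the TCI carry the VLAN ID
    if vid == 0:
        return port.untagged  # priority-tagged frame carries no VLAN ID
    # Assumption of this model: tagged frames pass only for VLANs tagged on the port.
    return vid if vid in port.tagged else None

# Values from the post: VLAN 1 is the default (untagged), VLAN 6 is the guest VLAN.
AP_PORT = PortConfig(untagged=1, tagged={6})
DESKTOP_PORT = PortConfig(untagged=1)  # ordinary port with no tagged VLANs

def demo():
    """Classify three constructed frames on the AP port and one on a desktop port."""
    guest, stray = build_frame(b"guest", vlan=6), build_frame(b"other", vlan=10)
    return {
        "guest on AP port": classify_ingress(guest, AP_PORT),
        "untagged on AP port": classify_ingress(build_frame(b"mgmt"), AP_PORT),
        "VLAN 10 on AP port": classify_ingress(stray, AP_PORT),
        "guest on desktop port": classify_ingress(guest, DESKTOP_PORT),
    }

if __name__ == "__main__":
    print(demo())
```

The VLAN 10 case is the one to watch for: an SSID mapped to a VLAN that is not tagged on the AP's switch port associates clients normally, but their traffic goes nowhere.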

  15. #15

    Originally posted by localzuk:
    > The "management VLAN" should be untagged. Then all the VLANs for the wireless SSIDs would be tagged.

    So am I correct in saying I could have the following on a port:

    untagged
    vlan10
